160 likes | 270 Views
Campus Approaches to Improving Cyber Security Awareness. Presented by: Krizi Trivisani, Chief Security Officer The George Washington University EDUCAUSE Live! October 6, 2004. Agenda. What is security awareness? Why is awareness important? Awareness and Higher Education
E N D
Campus Approaches to Improving Cyber Security Awareness Presented by: Krizi Trivisani, Chief Security Officer The George Washington University EDUCAUSE Live! October 6, 2004
Agenda • What is security awareness? • Why is awareness important? • Awareness and Higher Education • EDUCAUSE Security Education & Awareness Working Group • Higher Education Events in October • Cyber Security Resources CD • GW’s Cyber Security Awareness Day • Questions
What is Security Awareness? Security awareness is knowledge of potential threats. It is the advantage of knowing what types of security issues and incidents members of your organization may face in the day-to-day routine of their University functions. Technology alone cannot provide adequate information security. People, awareness and personal responsibility are critical to the success of any information security program.
Why is Security Awareness Important? Security is only as strong as it’s weakest link. Security relies on people. Technology is important, but if people are unaware of security issues, even the best technology will not ensure that information is protected. If people are ill-prepared, information is threatened by: • Social engineering • Abuse of privileges and trust • Misuse of systems and network • Password guessing • Physical access to bypass controls • Theft of laptops, storage media, and other technologies • Accidental disclosure • Financial Fraud
Security Task Force Education & Awareness Working Group Mission/Purpose: The Education and Awareness Working Group will identify and take steps to implement and/or publicize various methods by which awareness of information technology security issues are raised amongst university and college computer and network users, administrators, and executives. http://www.educause.edu/security
Security Task Force Education & Awareness Working Group Team Goals/ Expected Outcomes (Deliverables and Metrics): The team will: 1) Identify current projects and current materials and methods (primarily developed within the higher education and non-profit communities, but also vended products) where they have been proven to be (or may be) particularly useful to universities and colleges. 2) Use existing methods available via EDUCAUSE and Internet2 to publicize identified offerings. 3) Where gaps may exist in available offerings, commission development of programs or materials as needed.
Higher Education Events in October Meeting IT Challenges: National Strategies and Local Solutions Virginia Alliance for Secure Computing and Networking (VASCAN) and The Association of Collegiate Computing Services (ACCS) Charlottesville, VA October 11-12, 2004 http://www.virginia.edu/housing/conferences/Website2003/3univevents/vascan_accs/index.htm Symposium on Cybersecurity Policy National Press Club in Washington, DC October 12-13, 2004 www.cylab.cmu.edu/default.aspx?id=277
Higher Education Events in October Guide to Implementing an Effective Security Education & Awareness Program EDUCAUSE 2004 Pre-Conference Seminar Denver, Colorado October 19, 1-4:30 p.m. www.educause.edu/asp/conf/function.asp?PRODUCT_CODE=E04/SEM11P&ME NSCA’s National Cyber Security Awareness Month Focus on Education Week Three October 18 – 22, 2004 www.staysafeonline.info
Cybersecurity Awareness Resources CD • The Education & Awareness Working Group of the EDUCAUSE/Internet2 Security Task Force compiled cyber security awareness resources that will be distributed on a CD. • The resources were collected to showcase the variety of security awareness efforts underway at institutions of higher education and to provide resources for colleges and universities that are looking to jump-start a program for their organization.
What’s on the CD? • Book Marks • Brochures • Checklists • Flyers • Games • Government Resources • Handouts • Industry Resources • Links to School’s Security Web Page(s) • Pamphlets • Post Cards • Presentations • Security Awareness Documents • Security Cards • Security Tools • Security Quizzes • Surveys • Videos
GW’s Cyber Security Awareness Day November 1, 2004 Targeted to GW Community but open to the public Two main events: • Cyber Security Awareness Forum • Cyber Security Awareness Fair FREE – thanks to help from sponsors!
Cyber Security Awareness Forum Four speaker sessions • “Cybersleuths: High Technology Crime Investigators” • Panel Topic – “How Direct Recording Electronic (DRE) voting machines can do tomorrow what a paper ballot count could not do in the 2000 election.” • “Information Security: From Brains to Bits” • "Exploitation and Countermeasure in Open-access High-speed Networks"
Tables with Games PC Security - Personal Firewalls and Patching Virus Clinic Strong Authentication Creating Good Passwords Identity Theft Incident Response GWireless Peer to Peer Information Security Handouts Other Attractions Mobile Information Warfare Lab Security Videos Area Door Prizes Popcorn Stand Cotton Candy Stand Caricaturist Fortune Teller Cyber Guy and Cyber Gal to engage the community Cyber Security Awareness Fair
Questions? • Contact • Krizi Trivisani krizi@gwu.edu